
Local Root Hole in Linux Kernels

With today's release of Linux kernel version 2.2.25, Alan Cox announced a vulnerability in the ptrace() system call that affects both the 2.2 and 2.4 stable kernels. The earlier 2.2.24 kernel was released a couple of weeks ago, with today's 2.2.25 release adding only the fix for this ptrace vulnerability. Alan explains:
"The Linux 2.2 and Linux 2.4 kernels have a flaw in ptrace. This hole allows local users to obtain full privileges. Remote exploitation of this hole is not possible. Linux 2.5 is not believed to be vulnerable."
When asked whether or not a new 2.4 kernel would be forthcoming as well, Alan suggested, "If you build your own kernels apply the patch, if you use vendor kernels then you can expect vendor kernel updates to appear or have already appeared". Read on for Alan's complete announcement, as well as a patch that fixes the problem in the 2.4 kernel.